netfilter: provide udp*_lib_lookup for nf_tproxy

It is now possible to enable the libified nf_tproxy modules without
also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the
ifdef logic in the udp core code:

net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':
nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'
net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':
nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'

We can actually simplify the conditions now to provide the two functions
exactly when they are needed.

Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

---
 net/ipv4/udp.c | 4 +---
 net/ipv6/udp.c | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

-- 
2.9.0

On Tue, 2018-06-05 at 13:40 +0200, Arnd Bergmann wrote:
> It is now possible to enable the libified nf_tproxy modules without

> also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the

> ifdef logic in the udp core code:

> 

> net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':

> nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'

> net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':

> nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'

> 

> We can actually simplify the conditions now to provide the two functions

> exactly when they are needed.

> 

> Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

> ---

>  net/ipv4/udp.c | 4 +---

>  net/ipv6/udp.c | 4 +---

>  2 files changed, 2 insertions(+), 6 deletions(-)

> 

> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c

> index 4f16e5d71875..3365362cac88 100644

> --- a/net/ipv4/udp.c

> +++ b/net/ipv4/udp.c

> @@ -544,9 +544,7 @@ EXPORT_SYMBOL_GPL(udp4_lib_lookup_skb);

>  /* Must be called under rcu_read_lock().

>   * Does increment socket refcount.

>   */

> -#if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \

> -    IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \

> -    IS_ENABLED(CONFIG_NF_SOCKET_IPV4)

> +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV4) || IS_ENABLED(CONFIG_NF_SOCKET_IPV4)

>  struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport,

>  			     __be32 daddr, __be16 dport, int dif)

>  {

> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c

> index 967acff95bbe..164afd31aebf 100644

> --- a/net/ipv6/udp.c

> +++ b/net/ipv6/udp.c

> @@ -285,9 +285,7 @@ EXPORT_SYMBOL_GPL(udp6_lib_lookup_skb);

>  /* Must be called under rcu_read_lock().

>   * Does increment socket refcount.

>   */

> -#if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \

> -    IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \

> -    IS_ENABLED(CONFIG_NF_SOCKET_IPV6)

> +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV6) || IS_ENABLED(CONFIG_NF_SOCKET_IPV6)

>  struct sock *udp6_lib_lookup(struct net *net, const struct in6_addr *saddr, __be16 sport,

>  			     const struct in6_addr *daddr, __be16 dport, int dif)

>  {


LGTM,

Acked-by: Paolo Abeni <pabeni@redhat.com>


Thanks,

Paolo

Arnd Bergmann <arnd@arndb.de> ezt írta (időpont: 2018. jún. 5., K, 13:41):
>

> It is now possible to enable the libified nf_tproxy modules without

> also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the

> ifdef logic in the udp core code:

>

> net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':

> nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'

> net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':

> nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'

>

> We can actually simplify the conditions now to provide the two functions

> exactly when they are needed.

>

> Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Acked-by: Máté Eckl <ecklm94@gmail.com>

From: Arnd Bergmann <arnd@arndb.de>

Date: Tue,  5 Jun 2018 13:40:34 +0200

> It is now possible to enable the libified nf_tproxy modules without

> also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the

> ifdef logic in the udp core code:

> 

> net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':

> nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'

> net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':

> nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'

> 

> We can actually simplify the conditions now to provide the two functions

> exactly when they are needed.

> 

> Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>


Pablo, I'm going to apply this directly to fix the link failure.

Thanks Arnd.

On Tue, Jun 05, 2018 at 10:54:53AM -0400, David Miller wrote:
> From: Arnd Bergmann <arnd@arndb.de>

> Date: Tue,  5 Jun 2018 13:40:34 +0200

> 

> > It is now possible to enable the libified nf_tproxy modules without

> > also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the

> > ifdef logic in the udp core code:

> > 

> > net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6':

> > nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup'

> > net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4':

> > nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup'

> > 

> > We can actually simplify the conditions now to provide the two functions

> > exactly when they are needed.

> > 

> > Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY")

> > Signed-off-by: Arnd Bergmann <arnd@arndb.de>

> 

> Pablo, I'm going to apply this directly to fix the link failure.


BTW, could you also pick this fix for net-next?

http://patchwork.ozlabs.org/patch/924706/

Thanks.

From: Pablo Neira Ayuso <pablo@netfilter.org>

Date: Wed, 6 Jun 2018 15:33:24 +0200

> BTW, could you also pick this fix for net-next?

> 

> http://patchwork.ozlabs.org/patch/924706/


Sorry, I just noticed this now.

Applied.